- What is your product version? 10.2.0
- What is your product type (Angular or MVC)? Angular
- What is product framework type (.net framework or .net core)? .net core
Hi everyone, When I deactivate the tenant, the tenant continues to use the system until it is not logout. But I want to prevent this somehow. Is there any way to do this while taking RefreshToken? Or is there a different way?
Also, apart from this subject, do you have a ready method where I can get the URL of the client requesting the API? Or should I write a special method myself?
You can validate the Tenant here https://github.com/aspnetzero/aspnet-zero-core/blob/dev/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Core/Authentication/JwtBearer/AbpZeroTemplateJwtSecurityTokenHandler.cs. But, this will be executed for all authenticated requests. So, you can store Tenant info in the cache so your tenant validation code can check the cache instead of checking it from database.
The URL is not saved by default I think, but you can cehck the tenant in
Thanks for your answers. I need some more information about this problem.
- Does AbpZeroTemplateJwtSecurityTokenHandler.cs runs on all request? Especially I wonder if it is run when getting Refresh Token, Because I need deactivated tenants or users not be able to get AccessToken after being deactivated?
- Where is the best place to add token to cache?
- Yes, it works for all authenticated requests.
- I think it is better to crete a new cache for storing tenantId and its active state. If you are going to have so many tenants, maybe you can consider alternative approaches. You can take a look at https://aspnetboilerplate.com/Pages/Documents/Caching for creating a new cache. You also need to update this cache using domain events when a tenant is created/updated and deleted.